Hi all!
I'm realizing CA.
I've a problem related with signing ceritifactes.
Client uses following openssl command to generate request:
openssl req -new -key client.pem -out client.csr -subj "/C=UZ/ST=Tashkent/L=Tashkent/O=Home/OU=Home/CN=Olim/emailAddress=email@mail.net"
client.pem begins with "-----BEGIN RSA PRIVATE KEY-----" and ens with "-----END RSA PRIVATE KEY-----"
1) Where is public key?
Then CSR file must send to CA, CA signs it and generates ceritificate for Client.

As I understand, to generate certificate, Client must send to CA his public key and DN (distinguished name) or request file (csr), am I right?

I think generating private key in client-side a lot, today I found HTML <keygen> tag, it works in Firefox, Opera,Chrome, Safari, it generates key pair, private key stored in local keystore, public key is... public, Client can send it to CA. :)

2) How to generate CERTIFICATE for client using just his public key and DN? or
3) How to generate REQUEST for client using just his public key and DN (If I'll have request file, than I can generate certificate for client)?
Please, help me...
Thanks for advises (and sorry for my bad English)